Nuage Networks VSP supports Docker-based applications running on OpenShift Container Platform
to accelerate the provisioning of virtual networks between pods and traditional
workloads, and to enable security policies across the entire cloud
infrastructure. VSP allows for the automation of security appliances to include
granular security and microsegmentation policies for container applications.

Integrating VSP with the OpenShift Container Platform application workflow allows business
applications to be quickly turned up and updated by removing the network lag
faced by DevOps teams. VSP supports different workflows with OpenShift Container Platform in
order to accommodate scenarios where users can choose ease-of-use or complete
control using policy-based automation.

See Networking for more information on how VSP is integrated with OpenShift Container Platform.

Developer Workflow

This workflow is used in developer environments and requires little input from
the developer in setting up the networking. In this workflow,
nuage-openshift-monitor is responsible for creating the VSP constructs (Zone,
Subnets, etc.) needed to provide appropriate policies and networking for pods
created in an OpenShift Container Platform project. When a project is created, a default zone
and default subnet for that project are created by nuage-openshift-monitor.
When the default subnet created for a given project gets depleted,
nuage-openshift-monitor dynamically creates additional subnets.

A separate VSP Zone is created for each OpenShift Container Platform project ensuring
isolation amongst the projects.

Operations Workflow

This workflow is used by operations teams rolling out applications. In this
workflow, the network and security policies are first configured on the VSD in
accordance with the rules set by the organization to deploy applications.
Administrative users can potentially create multiple zones and subnets and map
them to the same project using labels. While spinning up the pods, the user can
use the Nuage Labels to specify what network a pod needs to attach to and what
network policies need to be applied to it. This allows for deployments where
inter- and intra-project traffic can be controlled in a fine-grained manner. For
example, inter-project communication is enabled on a project-by-project basis.
This may be used to connect projects to common services that are deployed in a
shared project.

Installation

The VSP integration with OpenShift Container Platform works for both virtual machines (VMs)
and bare metal OpenShift Container Platform installations.

Installation for a Single Master

In the Ansible nodes file, specify the following parameters in order to set up
Nuage VSP as the network plug-in:

Installation for Multiple Masters (HA)

An environment with High Availability (HA) can be configured with multiple
masters and multiple nodes.

Nuage VSP integration in multi-master mode only supports the native HA
configuration method described in this section. This can be combined with any
load balancing solution, the default being HAProxy. The inventory file contains
three master hosts, the nodes, an etcd server, and a host that functions as the
HAProxy to balance the master API on all master hosts. The HAProxy host is
defined in the [lb] section of the inventory file enabling Ansible to
automatically install and configure HAProxy as the load balancing solution.

In the Ansible nodes file, the following parameters need to be specified in
order to set up Nuage VSP as the network plug-in: